[SC-L] How Can You Tell It Is Written Securely?

2008-11-27 Thread Mark Rockman
is there that'll do the job? Doesn't exist, does it? MARK ROCKMAN MDRSESCO LLC ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http

[SC-L] Disable Bounds Checking?

2007-11-03 Thread Mark Rockman
Back around 1980, when Ada was new, it was common for compiler manufacturers to claim it is best to disable bound checking for performance reasons. Getting your program to run slightly faster trumped knowing that any of your buffers was overflowing. Code that silently trashes memory can be

[SC-L] COBOL Exploits

2007-11-02 Thread Mark Rockman
The adolescent minds that engage in exploits wouldn't know COBOL if a printout fell out a window and onto their heads. I'm sure you can write COBOL programs that crash, but it must be hard to make them take control of the operating system. COBOL programs are heavy into unit record equipment

Re: [SC-L] Programming languages -- the third rail of secure coding

2004-07-21 Thread Mark Rockman
JOVIAL goes back to the 1960s as Jules' Own Version of the International Algebraic Language. ALGOL and IAL are the same thing. JOVIAL was used almost exclusively by the United States Air Force. - Original Message - From: Dave Aronson [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL

Re: [SC-L] Education and security -- another perspective (was ACM Queue - Content)

2004-07-06 Thread Mark Rockman
You are not nuts. Your course outline is a very substantial step in the right direction. - Original Message - From: Dana Epp [EMAIL PROTECTED] To: Fernando Schapachnik [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, July 06, 2004 16:42 Subject: Re: [SC-L] Education and security